Industry-wide government regulations (like HIPAA and HITECH) or widely accepted industry-standards (such as PCI) require companies and organizations to demonstrate that they have complied with the specific requirements of the regulations or standards. Compliance is an on-going process and, failure to maintain appropriate compliance on an ongoing basis can leave the organization vulnerable to attack or breach and can ultimately result in penalties or fines.